davidf@CS.HW.AC.UK (David.J.Ferbrache) (02/26/90)
A number of British readers may be aware that the Computer Threat Research Association was formed recently to address a wide range of computer security and integrity issues, including the establishment of a central library of viral materials and an active research group for work on viruses. As virus SIG co-ordinator I would like to arrange a meeting of the SIG in the last week of March, issues I hope to discuss are establishment of: 1. A central UK library of viral materials available to all bona-fide virus researchers (fortunately the definition of bona-fide is being tackled by another committee) 2. A number of sites with a test bed set of viruses for evaluation of commercial and public domain anti-viral products 3. A network of formal or informal connections to deal with future occurences of bulk mailed trojan horses, major new viral strains or network worms The AIDS trojan horse clearly indicated the lack of a well organised network of virus/trojan workers in the field. The response, while enthusiastic, did duplicate much effort accross a number of separate sites. While I realise that commercial considerations often temper the distribution of information between workers in the field, I feel that issues such as the AIDS trojan must circumvent industrial confidentiality to allow a sharing of information, and division of workload. With complex disassemblies it is likely that details of protection mechanisms (particularly self-modifying code) may be missed by one researcher and detected by another. The cross-checking of disassemblies is vital to the accuracy of the final product. The Internet worm caused formalisation of the "old-boy" network, resulting in the creation of an excellent rapid response system (CERT) with formal links with established experts in the field. I hope that such a structure will evolve in the UK, preferably with government recognition of the important role that such an organisation will play in the security and integrity of personal and mainframe computer systems. I would be interested in any feedback on the above comments (preferably constructive criticism). Hopefully such a reporting network will not be restricted to member of CoTRA but will include all workers in the field (academic, commercial and governmental). - ------------------------------------------------------------------------------ Dave Ferbrache Internet <davidf@cs.hw.ac.uk> Dept of computer science Janet <davidf@uk.ac.hw.cs> Heriot-Watt University UUCP ..!mcvax!hwcs!davidf 79 Grassmarket Telephone +44 31-225-6465 ext 553 Edinburgh, United Kingdom Facsimile +44 31-220-4277 EH1 2HJ BIX/CIX dferbrache - ------------------------------------------------------------------------------